lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Tue, 27 Mar 2007 15:24:29 +0200
From:	Ingo Oeser <netdev@...eo.de>
To:	jt@....hp.com
Cc:	"John W. Linville" <linville@...driver.com>,
	netdev@...r.kernel.org, Johannes Berg <johannes@...solutions.net>,
	Jouni Malinen <jkm@...icescape.com>
Subject: Re: [PATCH 2.6] WE-22 : prevent information leak on 64 bit

Hi,

Jean Tourrilhes schrieb:
> diff -u -p linux/include/net/iw_handler.j1.h linux/include/net/iw_handler.h
> --- linux/include/net/iw_handler.j1.h	2007-03-16 17:36:22.000000000 -0700
> +++ linux/include/net/iw_handler.h	2007-03-21 11:01:09.000000000 -0700
> @@ -500,7 +504,11 @@ iwe_stream_add_event(char *	stream,		/* 
>  	/* Check if it's possible */
>  	if(likely((stream + event_len) < ends)) {
>  		iwe->len = event_len;
> -		memcpy(stream, (char *) iwe, event_len);
> +		/* Beware of alignement issues on 64 bits */
> +		memcpy(stream, (char *) iwe, IW_EV_LCP_PK_LEN);

useless cast (void* and char* are already compatible).
You just need to cast to "char *", if you like to add an byte offset.
If not, just don't cast.

> +		memcpy(stream + IW_EV_LCP_LEN,
> +		       ((char *) iwe) + IW_EV_LCP_LEN,
> +		       event_len - IW_EV_LCP_LEN);
>  		stream += event_len;

Can this be a helper like "stream = copy_to_stream(stream, iwe, len);" ?
Or do the offsets in stream and iwe vary too much for this?

>  	}
>  	return stream;
> @@ -521,10 +529,10 @@ iwe_stream_add_point(char *	stream,		/* 
>  	/* Check if it's possible */
>  	if(likely((stream + event_len) < ends)) {
>  		iwe->len = event_len;
> -		memcpy(stream, (char *) iwe, IW_EV_LCP_LEN);
> +		memcpy(stream, (char *) iwe, IW_EV_LCP_PK_LEN);

useless cast.

>  		memcpy(stream + IW_EV_LCP_LEN,
>  		       ((char *) iwe) + IW_EV_LCP_LEN + IW_EV_POINT_OFF,
> -		       IW_EV_POINT_LEN - IW_EV_LCP_LEN);
> +		       IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN);
>  		memcpy(stream + IW_EV_POINT_LEN, extra, iwe->u.data.length);
>  		stream += event_len;
>  	}
> @@ -574,7 +582,11 @@ iwe_stream_check_add_event(char *	stream
>  	/* Check if it's possible, set error if not */
>  	if(likely((stream + event_len) < ends)) {
>  		iwe->len = event_len;
> -		memcpy(stream, (char *) iwe, event_len);
> +		/* Beware of alignement issues on 64 bits */
> +		memcpy(stream, (char *) iwe, IW_EV_LCP_PK_LEN);

useless cast.

> +		memcpy(stream + IW_EV_LCP_LEN,
> +		       ((char *) iwe) + IW_EV_LCP_LEN,
> +		       event_len - IW_EV_LCP_LEN);
>  		stream += event_len;
>  	} else
>  		*perr = -E2BIG;
> @@ -598,10 +610,10 @@ iwe_stream_check_add_point(char *	stream
>  	/* Check if it's possible */
>  	if(likely((stream + event_len) < ends)) {
>  		iwe->len = event_len;
> -		memcpy(stream, (char *) iwe, IW_EV_LCP_LEN);
> +		memcpy(stream, (char *) iwe, IW_EV_LCP_PK_LEN);

useless cast.

>  		memcpy(stream + IW_EV_LCP_LEN,
>  		       ((char *) iwe) + IW_EV_LCP_LEN + IW_EV_POINT_OFF,
> -		       IW_EV_POINT_LEN - IW_EV_LCP_LEN);
> +		       IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN);
>  		memcpy(stream + IW_EV_POINT_LEN, extra, iwe->u.data.length);
>  		stream += event_len;
>  	} else


Regards

Ingo Oeser
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists